[kitten] Any Interest in a Key Delivery Service?

"Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu> Wed, 13 September 2017 00:10 UTC

From: "Henry B (Hank) Hotz, CISSP" <hbhotz@oxy.edu>
Message-Id: <2FB98F5F-3981-4EFF-8CFF-FF6B5B3D485C@oxy.edu>
Date: Tue, 12 Sep 2017 17:10:05 -0700
To: kitten@ietf.org
Subject: [kitten] Any Interest in a Key Delivery Service?
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/Ixdt2NAbU-FxxO5raebGsm65HjY>

I have run into a couple of cases where I wanted the KDC to provide -- not a service ticket -- but an actual encryption key for some data at rest. (Specifically an encrypted disk or a database.)

There are obvious problems to be addressed, or at least agreed to. But just generally is it worth talking about or should we leave this space to the HSM folk?

Personal email.  hbhotz@oxy.edu